Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
[Posted February 25, 2013 by corbet]
From: Solar Designer <solar-cxoSlKxDwOJWk0Htik3J/w-AT-public.gmane.org>
To: oss-security-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8-AT-public.gmane.org
Subject: Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Date: Mon, 25 Feb 2013 20:12:08 +0400
Message-ID: <20130225161208.GA3026@openwall.com>
On Mon, Feb 25, 2013 at 11:41:33AM +0100, Mathias Krause wrote:
> But sorry, I won't disclose any further details, to not get into legal
> issues. In Germany it's quite hairy to do things like that :/
> But I can provide you my PoC in a private email -- for security evaluation.

This is not necessary since we don't use these "too recent" kernels, but
thanks for offering.

Here's a curious tweet:

<_argp> Since full-disclosure has been DDoSed to oblivion, here's huku's sock_diag 1 year-old
exploit: http://pastebin.com/gwn1qErx

The pastebin has:
---
Who the fuck DDoS'ed full-disclosure? ;)
http://sysc.tl/mpougatsa_me_krema_kai_milko.tgz
---------- Forwarded message ----------
From: huku <huku-49+yhFPIGMysTnJN9+BGXg@public.gmane.org>
Date: Mon, 25 Feb 2013 01:18:38 +0200
Subject: CVE-2013-1763 local root exploit
To: full-disclosure-yjGSz5NhYZxwCIiogXJnzFpr/1R2p/CL@public.gmane.org
Greetings fly to Daphne Rosen, Gianna Michaels and Carmella Bing.
./hk
---
SHA-1:
c5904fdaea3e212bb84592e6e2ce3a640b14308c mpougatsa_me_krema_kai_milko.tgz

Two of the files in the tarball have timestamps of 2012-07-14. Of
course, this is no proof, but it does appear that the bug was privately
known since about July 2012. The README says:

"A trimmed down version of an old exploit for the recently published
`sock_diag_handlers[]' vulnerability :("

The code contains:

printf("Linux kernel >= 3.2 NETLINK_INET_DIAG 0day\n");
printf("by huku <huku _at_ grhack _dot_ net>\n");

Is ">= 3.2" an error (should have been ">= 3.3" as your original posting
in here said)? (The difference may be whether Ubuntu 12.04 is affected.)

Alexander